Shulou(Shulou.com)11/24 Report--

Why does VLAN exist?

What is VLAN?

How to use VLAN?

If we want to figure this out, we have to understand "broadcast domain."

Smart, you must know what a broadcast domain is.

So what is the relationship between broadcast domain and VLAN?

01. Why use VLAN? According to the above conversation, we know that all users in the broadcast domain will listen to the broadcast packet.

Suppose there are many departments in a company: technical department, R & D department, marketing department, etc.

However, the computers in each department have more contacts within the department and less between departments. Then it is necessary to isolate different departments, that is, to make the broadcast domain smaller.

We use three switches to represent three departments to form a network connected to a small number of computers.

Suppose that at this point, A needs to communicate with B.

What happens if different departments are not quarantined?

1.A must first broadcast "ARP request Information" to try to obtain the MAC address of B. In Ethernet-based communication, the destination MAC address must be specified in the data frame to communicate properly.

two。 After receiving the "ARP request information" from A, the technology department switch will forward the "ARP request information" to all the devices connected to it except A (B and R & D switches).

3. After receiving the broadcast, the R & D switch sends the broadcast to C, D and the marketing switch.

4. After receiving the broadcast, the marketing switch broadcasts to E and F, and eventually the "ARP request message" is forwarded to all computers in the network.

Computers other than B will be discarded directly after receiving the message.

Only B responds by sending its MAC address information to the switch of the technical department, which then sends it to A.

Note:

The purpose of this is to get the MAC address of computer B. As long as computer B can receive it, everything will be all right.

In fact, data frames spread all over the network, and all computers received ARP request messages.

In this way, it will lead to the following bad consequences:

1. The overall bandwidth of the network is occupied.

two。 Potential information security risks.

3. Take up CPU resources.

Therefore, VLAN came into being!

02. What is VLAN?VLAN (Virtual Local Area Network, Virtual Local area Network) is developed on the basis of LAN (Local Area Network).

LAN: refers to a computer network connected by multiple computers in a certain area to realize data transmission and resource sharing. Through the division of geographical location, generally within a few kilometers.

VLAN: it means that the local area network is logically divided into smaller local area networks, and the VLAN is isolated on the data link layer, thus realizing the data exchange technology of the virtual workgroup.

Therefore, in the above example, we need to divide computer An and computer B into the same VLAN.

As shown in the following figure, both computer An and computer B are divided into VLAN1 and isolated from other computers, so that computer A sends broadcasts and only computer B can receive them.

In addition, the same is true of dividing VLAN across switches.

Assuming that the technology department switch and the R & D department switch are in two office buildings, the VLAN can be logically divided, so that people in the same department in both buildings can form the same VLAN.

Okay, let's see, how does VLAN work?

03. How to implement VLAN? [VLAN based on port division] VLAN is divided based on port division, that is, according to the ports of Ethernet switches.

The corresponding relationship between port and VLAN is as follows:

Gei-1/1/0/1VLAN 10gei-1/1/0/3gei-1/1/0/2VLAN 20gei-1/1/0/4 allows computers connected to the same VLAN to communicate with each other.

Take a chestnut:

Computer 192.168.0.1 and computer 192.168.0.3 can communicate with each other.

There is no communication between computer 192.168.0.1 and computer 192.168.0.2.

This is the port-based partition of VLAN, which is our most commonly used method of VLAN implementation.

The characteristics of the method of dividing VLAN based on port are as follows:

Defining advantages the VLAN operation is very simple, just specify the port. The disadvantage is that if a user of VLAN 10 leaves the original port and goes to a port on a new switch, it needs to be redefined. [dividing VLAN based on MAC address] the switch decides in which VLAN the message should be forwarded according to the MAC address of the message, so the switch needs to know the mapping relationship between MAC and VLAN.

The corresponding relationship between MAC address and VLAN is as follows:

00-00-00-00-00-01VLAN 1000-00-00-00-00-00-0300-00-00-00-00-02VLAN 2000-00-00-00-00-04 dividing VLAN based on MAC address is more troublesome and requires recording all computer MAC addresses. However, when the user port changes, the VLAN partition does not change.

The characteristics of the method of dividing VLAN based on MAC address are as follows:

Advantages when the switch connected to the computer changes, it does not need to be reconfigured. Shortcoming

All computers must be divided into VLAN, if there are a large number of computers, the workload will be particularly heavy.

The inability to restrict the broadcast domain results in inefficient switch execution.

Laptop users need to reconfigure when replacing the network card.

[partition VLAN based on network layer] divide VLAN based on network layer, that is, divide VLAN according to the network layer address or protocol address of each computer (if multi-protocol is supported).

The corresponding relationship between network protocol and VLAN is as follows:

192.168.0.1ICMP protocol

VLAN 10192.168.0.3192.168.0.2IP protocol

VLAN 20192.168.0.4ICMP protocol: Internet Control Message Protocol,Internet control message protocol.

The characteristics of the method of dividing VLAN based on network layer are as follows:

The advantage of the physical location change does not need to reconfigure the VLAN, but to divide the VLAN according to the type of protocol. The disadvantage is inefficient and it takes time to check each network layer address. [divide VLAN based on subnet address] divide VLAN based on subnet address, that is, a network segment is a VLAN.

In the figure, some computers under the switch belong to 1.0network segment, and some computers belong to 2.0network segment, so the users of different network segments can be divided into different VLAN through configuration.

The corresponding relationship between subnet address and VLAN is as follows:

192.168.1.1VLAN 10192.168.1.2192.168.1.3192.168.2.1VLAN 20192.168.2.2192.168.2.3 the method of dividing VLAN based on subnet address has the following characteristics:

The advantage is more flexible and easy to expand through the router. The disadvantage is not suitable for the local area network and the efficiency is not high. 04. After so much summary, let's sum up the advantages of VLAN:

Control broadcast storm

A VLAN is a logical broadcast domain. Through the creation and division of VLAN, the broadcast domain is isolated, and the generation of broadcast storm can be controlled.

Improve the overall security of the network

Through VLAN partition principles such as ports and MAC addresses, user access rights and logical network segment size can be controlled, and different user groups can be divided into different VLAN, so as to improve the overall performance and security of the switched network.

Network management is simple and intuitive.

Using VLAN technology, network users in different geographical locations can be divided into a logical network segment according to different needs. It greatly reduces the burden of network management and maintenance, and reduces the cost of network maintenance.

This article comes from the official account of Wechat: ZTE documents (ID:ztedoc)

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.